Privacy Test

8 Questions | Total Attempts: 46

SettingsSettingsSettings
Please wait...
Team Quizzes & Trivia

Questions and Answers
  • 1. 
    As part of his duties as the team leader for a systems team, Walter is required to store data. This storage is for the purpose of restoring data for a player in the case there was any data lost by an update/glitch etc. To ensure that the requests are valid, Walter must validate the user is actually who they say they are. Walter has existing verification methods and is looking to develop more of a long term solution. Walter decided that the best verification is to collect user mobile numbers and profile verification could be done by text in future. What are the privacy issues with Walter’s method? Click all answers that are relevant.Select the correct answer (there may be more than one):
    • A. 

      This is personal Information

    • B. 

      This is sensitive Information

    • C. 

      This is unsolicited Information

    • D. 

      This is information about a child under 14

    • E. 

      The end user should consent to the collection of this information

    • F. 

      This is a clear breach of privacy

    • G. 

      The storage of the information must comply with the privacy procedures

    • H. 

      Users can update/delete information if they request it

    • I. 

      There must be sufficient security/control over the data

    • J. 

      The privacy policy should disclose this use by Walter

  • 2. 
    Whoops! Did I do that?! Jasper has written a very personal email that was intended for his friend Tony. This email contained information about Tony’s membership of the Australian Labor Party. It also contained information about Jasper’s sexual preferences. Whilst attempting to send to Tony, an auto-predict email jumped up and it was sent to a Halfbrick address instead.You are the Halfbrick recipient of this email. What do you do?Select the correct answer (there may be more than one):
    • A. 

      Post the email on Reddit.

    • B. 

      Post the email on Reddit and on Facebook.

    • C. 

      Reply to Jasper saying that he sent the email to the wrong person.

    • D. 

      Delete the email.

    • E. 

      Delete the email and send a separate email to Jasper confirming you have deleted the email.

  • 3. 
    Consider the scenario where the email also contained information about a proposed hack attack on Halfbrick servers. Would your response be any different?
    • A. 

      Post the email on Reddit.

    • B. 

      Post the email on Reddit and on Facebook.

    • C. 

      Reply to Jasper saying that he sent the email to the wrong person.

    • D. 

      Delete the email and send a separate email to Jasper confirming you have deleted the email.

    • E. 

      Call the police.

    • F. 

      Forward the email to the police.

    • G. 

      Forward the email to [email protected]

    • H. 

      Immediately tell the relevant Halfbrick people about the planned attack.

  • 4. 
    Direct Marketing Halfbrick wants to cross promote their new game "Privacy Stars". In the past, we have found the cross promotion tactic effective, but we want to find new ways to improve the service. Marketing team decide to start tracking people who spent money in "Band Stars". Once they identify the users, they create a list of emails and send out a bulk email offering these users free downloads and $5 free In-app purchases. Furthermore, all of the ads in their games are changed to push the new game. What are the privacy issues here?Select the correct answer (there may be more than one):
    • A. 

      This is sensitive information.

    • B. 

      This is unsolicited information.

    • C. 

      This is information about a child under 14.

    • D. 

      The end user will need to sign a Data Protection Deed.

    • E. 

      The end user should consent to the collection of this information.

    • F. 

      This is a clear breach of privacy.

    • G. 

      Does our privacy policy should let us market / advertise to the Band Star users?

    • H. 

      Users can update/delete information if they request it.

    • I. 

      This is direct marketing.

    • J. 

      This is just normal advertising.

    • K. 

      Can the user opt out?

    • L. 

      This is direct marketing and therefore its not allowed.

    • M. 

      Does the privacy policy allow this kind or marketing?

    • N. 

      The app should clearly state that there will be in-app purchases and direct marketing

  • 5. 
    Share and share alikeHalfbrick decides to investigate wider business opportunities. At GDC you meet reps from Contingent, a 3rd party supplier known for providing excellent analytics. They offer a unique service and from all initial discussions everything looks great. Direct referrals from other companies to Halfbrick has shown this is a reputable service provider. What steps do you need to take to appoint them as a Halfbrick supplier?Select the correct answer (there may be more than one):
    • A. 

      Ask them for their contract, sign and return it

    • B. 

      They should sign a data protection deed.

    • C. 

      I need to make sure they are able to carry out the requirements in the data protection deed

    • D. 

      I should develop a strong relationship with them. If anything goes wrong, I need to know

    • E. 

      I need to make sure they have good internal policies and procedures for privacy and data

    • F. 

      The end user should consent to the collection of this information.

    • G. 

      I should check to see if they have had any previous problems with privacy or data breaches.

    • H. 

      I should check that they take privacy seriously.

    • I. 

      We might need to update our privacy policy.

    • J. 

      We don’t need to update our privacy policy.

    • K. 

      I should discuss this with a privacy officer.

    • L. 

      This should be a set and forget arrangement.

    • M. 

      They need to be included in our audit process.

    • N. 

      We might need to update our internal policies to include them

  • 6. 
    Data Security Deed and how it worksYou have just stepped into a new role with Halfbrick. You start working closely with Contingent, our new analytics provider. When speaking with one of their staff, they inform you they do not have a privacy policy. A quick look on their website confirms this. What do you do?
    • A. 

      Nothing. This is their problem, not mine.

    • B. 

      Nothing. Its probably just a temporary problem, they will sort it out.

    • C. 

      I ask them to fix it and to tell me when its done.

    • D. 

      I should tell the privacy officers about this.

    • E. 

      I need to check I've got a signed copy of the data protection deed I sent them.

    • F. 

      I might need to stop all data being sent to them.

    • G. 

      They might be in breach of the Australian privacy laws.

    • H. 

      They might be in breach of the data protection deed.

    • I. 

      Raise the question of whether we continue to do business with them.

  • 7. 
    Cross-border disclosure of Personal InformationYou are Halfbrick’s relationship manager for Amazon Web Services, who supplies data warehousing to us. You receive a notice from them advising, that due to a change in their business strategy, they are moving their servers from Virginia to Beijing.What do you do?
    • A. 

      Nothing

    • B. 

      Let the privacy officers know.

    • C. 

      I am not sure I am comfortable with all our data being in China.

    • D. 

      If we are moving to china, we’ll need to change our privacy policy and our internal procedures.

    • E. 

      We need to ensure that Amazon continues to comply with the Data Protection Deed.

  • 8. 
    Kids PlayHalfbrick’s latest paid-for game Private Ninja proved a big hit in the 9-13 year old boy category of focus testers. Knowing boys love to be in a gang, you have devised an ingenious way for Bricknet users to form gangs within the game, to strategize within the gang and to compete against other rival gangs. Talking to the marketing team about the new ideas, they suggested using this option to promote the game to kids across the broader family of Halfbrick games. In particular, by ingame advertising in Maths Master on the idea of “Click here to join the secret dojo”.What are the privacy issues here?
    • A. 

      This is personal information.

    • B. 

      This is sensitive information.

    • C. 

      This is unsolicited information.

    • D. 

      This is information about a child under 14.

    • E. 

      The end user will need to sign a Data Protection Deed.

    • F. 

      The end user should consent to the collection of this information.

    • G. 

      This is a clear breach of privacy.

    • H. 

      Children can’t consent in this scenario, we need to get their parent/guardian permission.

    • I. 

      We are not allowed to advertise or direct market in our child safe games.

    • J. 

      We have obligations under COPPA in relation to this. I think COPPA says we can’t do this.

    • K. 

      This is just normal advertising.

    • L. 

      Targeting kids with a “secret dojo” is not a good look.

    • M. 

      This is direct marketing and therefore its not allowed.

    • N. 

      Does the privacy policy allow this kind or marketing?

    • O. 

      The app should clearly state that there will be in-app purchases and direct marketing.